SYSTEM AND METHOD FOR CREATING AND APPLYING CATEGORIZATION-BASED POLICY TO SECURE A MOBILE COMMUNICATIONS DEVICE FROM ACCESS TO CERTAIN DATA OBJECTS

US 20140310770A1
Filed: 06/27/2014
Published: 10/16/2014
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) at a server running an application security component, creating a plurality of categorization-based application policies;

b) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;

c) at the server running the application security component, establishing communication with a specific mobile communication device to obtain information about the specific mobile communication device;

d) at the server running the application security component, based upon the obtained information, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and

,e) at the server running the application security component, making the identified categorization-based application policy available to the specific mobile communication device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server creates categorization-based application policies and selects a specific policy to send to a mobile communications device. In one embodiment, the mobile communication device applies the categorization-based application policy received from the server to information about a data object (e.g., application) that the device wants to access (or has accessed). Based on the application of the categorization-based policy, the device may be permitted to access the data object or the device may not be permitted to access the data object.

33 Citations

View as Search Results

33 Claims

1. A method comprising:
- a) at a server running an application security component, creating a plurality of categorization-based application policies;
  
  b) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
  
  c) at the server running the application security component, establishing communication with a specific mobile communication device to obtain information about the specific mobile communication device;
  
  d) at the server running the application security component, based upon the obtained information, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
  
  ,e) at the server running the application security component, making the identified categorization-based application policy available to the specific mobile communication device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein creating a plurality of categorization-based application policies comprises processing:
    - categorization data about data objects available for access by mobile communication devices;
      
      mobile communication device data about mobile communication devices; and
      
      data about mobile communication device operating systems to create the plurality of categorization-based application policies.
  - 3. The method of claim 2, wherein the mobile communication device data comprises data about types of mobile communication devices.
  - 4. The method of claim 1, wherein establishing communication with a specific mobile communication device comprises establishing communication with an application security component running on the mobile communication device.
  - 5. The method of claim 1, wherein the obtained information about the specific mobile communication device comprises the mobile communication device type and operating system.

6. A method comprising:
- a) at a mobile communication device running an application security component, receiving user input about categories of data objects that the mobile communication device is permitted to access and about categories of data objects the mobile communication device is not permitted to access;
  
  b) at the mobile communication device, processing the user input by the application security component to create a categorization-based application policy;
  
  c) at the mobile communication device application security component, receiving a request to access a data object and information about the data object;
  
  d) at the mobile communication device application security component, applying the categorization-based application policy to the information about the data object;
  
  e) when the mobile communication device application security component determines that the data object is permitted, permitting the mobile communication device to access the data object; and
  
  f) when the mobile communication device application security component determines that the data object is not permitted, not permitting the mobile communication device to access the data object.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein, when the mobile communication device is not permitted to access the data object, the data object is deleted from the mobile communication device when the data object is present.
  - 8. The method of claim 6, wherein, when the mobile communication device is not permitted to access the data object, the data object is quarantined so that the data object is not accessible to the mobile communication device when the data object is present.
  - 9. The method of claim 6, further comprising obtaining data about an operating system used by the mobile communication device, and wherein the processing comprises processing the user input and the data about the operating system to create a categorization-based application policy.
  - 10. The method of claim 6, further comprising, at the mobile communication device, receiving the data object.

11. A method comprising:
- a) at a server running an application security component, receiving administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access;
  
  b) at the server running an application security component, processing the administrator input to create a plurality of categorization-based application policies;
  
  c) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
  
  d) at the server running the application security component, establishing communication with a specific mobile communication device to obtain information about the specific mobile communication device;
  
  e) at the server running the application security component, based upon the obtained information, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
  
  f) at the server running the application security component, making the identified categorization-based application policy available to the specific mobile communication device.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein establishing communication with a specific mobile communication device comprises establishing communication with an application security component running on the mobile communication device.
  - 13. The method of claim 11, further comprising obtaining data about mobile communication devices, and wherein the processing comprises processing the administrator input and the data about the mobile communication devices to create a plurality of categorization-based application policies.
  - 14. The method of claim 13, wherein the data about mobile communication devices comprises data about mobile communication device types and operating systems.

15. A method comprising:
- a) at a mobile communication device running an application security component, receiving a request to access a data object and information about the data object;
  
  b) at the mobile communication device, in response to the request, sending the information about the data object and information about the mobile communication device to a server;
  
  c) at the mobile communication device, receiving notification from the server that the mobile communication device is permitted to access the data object when the server determines that the mobile communication device is permitted to access the data object, the determination based on;
  
  a. an identified categorization-based application policy, the identified policy identified from a plurality of categorization-based application policies based upon the information about the mobile communication device, the plurality of categorization-based application policies created from processing administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access, andb. the information about the data object; and
  
  d) at the mobile communication device, receiving notification from the server that the mobile communication device is not permitted to access the data object when the server determines that the mobile communication device is not permitted to access the data object, the determination based on;
  
  a. an identified categorization-based application policy, the identified policy identified from a plurality of categorization-based application policies based upon the information about the mobile communication device, the plurality of categorization-based application policies created from processing administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access, andb. the information about the data object.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15 wherein, when the mobile communication device is not permitted to access the data object, the data object is deleted from the mobile communication device when the data object is present.
  - 17. The method of claim 15, wherein, when the mobile communication device is not permitted to access the data object, the data object is quarantined so that the data object is not accessible to the mobile communication device when the data object is present.
  - 18. The method of claim 15, wherein the information about the mobile communication device comprises data about an operating system used by the mobile communication device.
  - 19. The method of claim 15, further comprising, at the mobile communication device, receiving the data object.

20. A method comprising:
- a) at a server running an application security component, processing;
  
  categorization data about data objects available for access by mobile communication devices;
  
  mobile communication device data about types of mobile communication devices; and
  
  data about mobile communication device operating systems, to create a plurality of categorization-based application policies;
  
  b) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
  
  c) establishing communication between the server running the application security component and the specific mobile communication device;
  
  d) at the server running the application security component, obtaining information about the specific mobile communication device including the mobile communication device type and operating system;
  
  e) at the server running the application security component, obtaining information from the specific mobile communication device about a data object;
  
  f) at the server running the application security component, based upon the obtained information about the specific mobile communication device, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device;
  
  g) at the server running the application security component, applying the identified categorization-based application policy to the obtained information about the data object;
  
  h) when the server running the application security component determines that the specific mobile communication device is permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is permitted to access the data object; and
  
  i) when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is not permitted to access the data object.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20, wherein establishing communication with a specific mobile communication device comprises establishing communication with an application security component running on the mobile communication device.
  - 22. The method of claim 20, wherein, when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device to delete the data object when the data object is present.
  - 23. The method of claim 20, wherein, when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device to quarantine the data object so that the data object is not accessible to the mobile communication device when the data object is present.

24. A system, comprising at least one processor and memory and instructions that when executed cause the at least one processor to:
- a) create a plurality of categorization-based application policies;
  
  b) store the plurality of categorization-based application policies in data storage;
  
  c) establish communication with a specific mobile communication device to obtain information about the specific mobile communication device;
  
  d) based upon the obtained information, identify from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
  
  ,e) make the identified categorization-based application policy available to the specific mobile communication device.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein create a plurality of categorization-based application policies comprises processing:
    - categorization data about data objects available for access by mobile communication devices;
      
      mobile communication device data about mobile communication devices; and
      
      data about mobile communication device operating systems, to create the plurality of categorization-based application policies.

26. A method comprising:
- a) at a server running an application security component, receiving administrator input about access security policies for mobile communication devices;
  
  b) at the server running an application security component, storing a plurality of access security policies in data storage accessible to the server running an application security component, the plurality of access security policies stored based on the administrator input;
  
  c) at the server running an application security component, receiving from a specific mobile communication device a request for access to a data object, the request comprising information about the data object and about the specific mobile communication device;
  
  d) at the server running an application security component, based on the received information, identifying from the plurality an application access security policy that is apt for the mobile communication device;
  
  e) at the server running an application security component, applying the identified application access security policy to the data object based on the information received about the data object;
  
  f) when the server running the application security component determines that the specific mobile communication device is permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is permitted to access the data object; and
  
  g) when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is not permitted to access the data object.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, wherein, when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device to delete the data object when the data object is present.
  - 28. The method of claim 26, wherein, when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device to quarantine the data object so that the data object is not accessible to the mobile communication device when the data object is present.
  - 29. The method of claim 26, wherein the received information used in identifying the application access security policy that is apt for the mobile communication device comprises:
    - the information received about the data object, the information received about the specific mobile communication device, or both the information received about the data object and the information received about the specific mobile communication device.
  - 30. The method of claim 26, wherein the information received about the specific mobile communication device comprises information about the mobile communication device type, and about the operating system on the mobile communication device.

31. A method comprising:
- a) at a mobile communication device running an application security component, receiving a request to access a data object and information about the data object;
  
  b) at the mobile communication device, in response to the request, sending the information about the data object and information about the mobile communication device to a server;
  
  c) at the mobile communication device, receiving notification from the server that the mobile communication device is permitted to access the data object when the server determines that the mobile communication device is permitted to access the data object, the determination based on;
  
  a. administrator input about access security policies for mobile communication devices,b. the information about the data object, andc. the information about the mobile communication device; and
  
  d) at the mobile communication device, receiving notification from the server that the mobile communication device is not permitted to access the data object when the server determines that the mobile communication device is not permitted to access the data object, the determination based on;
  
  a. administrator input about access security policies for mobile communication devices,b. the information about the data object, andc. the information about the mobile communication device.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31, wherein, when the mobile communication device is not permitted to access the data object, the data object is deleted from the mobile communication device when the data object is present.
  - 33. The method of claim 31, wherein, when the mobile communication device is not permitted to access the data object, the data object is quarantined so that the data object is not accessible to the mobile communication device when the data object is present.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick

Granted Patent

US 9,294,500 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/57   Certifying or maintaining t...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR CREATING AND APPLYING CATEGORIZATION-BASED POLICY TO SECURE A MOBILE COMMUNICATIONS DEVICE FROM ACCESS TO CERTAIN DATA OBJECTS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CREATING AND APPLYING CATEGORIZATION-BASED POLICY TO SECURE A MOBILE COMMUNICATIONS DEVICE FROM ACCESS TO CERTAIN DATA OBJECTS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links